Re: pipe problem

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Greg A. Woods
CC: patl, Robert Black, David Blacka, Pete Ashdown, exim-users
Subject: Re: pipe problem
On Mon, 10 Mar 1997, Greg A. Woods wrote:

> There you go! The only thing you can do for '|' (and '/') addresses in
> ~/.forward files is be very careful with making sure you're running as
> the correct user before you do the delivery. To that end I still
> strongly recommend getting all forms of seteuid() and friends out of the
> code (and using fork() for what it was designed for). Older versions of
> Smail *have* been compromised because of seteuid (on Solaris for one)....


Exim has always used fork() + setuid() for all local delivery transport
processes, both to pipes and files. There is no way you can configure it
not to do this.

The only (optional) use of seteuid() is to become the exim user (rather
than root) for the time from starting up to do deliveries to the time
when it is necessary to become the local user before running the
transport. Oh, yes, it may also use seteuid() when reading .forward
files, it is true.

--
Philip Hazel                   University Computing Service,
ph10@???             New Museums Site, Cambridge CB2 3QG,
P.Hazel@???          England.  Phone: +44 1223 334714